c-ares NAPTR parser out of bounds access

VULNERABILITY

The c-ares function ares_parse_naptr_reply(), which is used for parsing
NAPTR responses, could be triggered to read memory outside of the given input
buffer if the passed in DNS response packet was crafted in a particular way.

We are not aware of any exploits of this flaw.

INFO

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2017-1000381 to this issue.

AFFECTED VERSIONS

This flaw exists in the following c-ares versions.

Affected versions: c-ares 1.8.0 to and including 1.12.0

Not affected versions: c-ares >= 1.13.0

THE SOLUTION

In version 1.13.0, the RR_len value gets checked properly and the function
is also added to the fuzz testing. It was previously accidentally left out
from that.